General

  • Target

    ransomware_script.exe

  • Size

    37.5MB

  • Sample

    241020-yn1w6axcjf

  • MD5

    2d4c59576dda8b8908f0e5cdb312a3c3

  • SHA1

    6caf414a462f9cdf1a27b8f4a97a740f57827c38

  • SHA256

    8e806e1b7fc3ad521d1055d416bad4e6cd10acb6af00eba4e36f1ace6b973446

  • SHA512

    bb4a41b963034126cb4ec0c6c42d95ad264b47a130023815543629568accace4e94377a79a32871d436f9a532548d9164150aea05ba2892f1f67d62ba4a505fc

  • SSDEEP

    786432:h9YiY+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBd9mXMb8it9/7m:h9EXGMK4XR3bLSCU/+6yPl39mcK

Malware Config

Targets

    • Renames multiple (19798) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks